Imagine it shifting from 5th to reverse on the autobahn. "Invalid page fault" followed by "fatal exception" followed by "Missing or Damaged Passengers."
i-n-f-r-i-n-g-m-e-n-t. Please use fewer 'junk' characters. Post aborted! Please try to keep posts on topic. Try to reply to other people's comments instead of starting new threads.
Walt Disney corporation is a greedy parasite on the public domain. They are hypocritical in their use of public domain material and antagonistic to the rights of American citizens. They care nothing for the Constitution, except where it suits them. The founding fathers, were they alive today, would be publicly burning Mickey in effigy.
It is possible to read parts of a remote machine's memory. To be specific, it would have to be memory recently freed/swapped to disk. Consider this for example:
    #include <stdlib.h>
    #include <string.h>
    #include <unistd.h>

    int main(void) {
        char *ptr;
        int val = 30000000;   /* ~30 MB */

        /* We take a rather large chunk of memory, fill it with A's,
           and free it again, once a second, forever. */
        while (1) {
            sleep(1);
            ptr = malloc(val);
            if (ptr == NULL)
                continue;     /* allocation failed; try again next round */
            memset(ptr, 0x41, val);
            free(ptr);
        }
        return 0;
    }
And then we modify nmap(1) (around line 687) so it only transmits the first fragment out of a fragmented scan. This will elicit an ICMP TTL Exceeded message. Due to Linux including a lot more of the packet than most other OSes, we have around 20 bytes to read. From memory, Solaris includes a little bit extra on ICMP messages.
Let's look at a sniffer trace from snort(2): (Ignore the time stamps, as the machine this was originally done on had a date in 1994...)
AFFECTED: I assume it would be any OS that includes more than the ip addresses/ports.
USAGES: The ramifications from this could be great. You may get fragments of the shadow file, various plaintext passwords (greatly depends...), pieces of code, URLs, random memory.
One specific use for this could be identifying the endianness of a remote machine, because addresses are in memory. (Reading from Linux Magazine November 2001, page 50, you have 0xef* for the stack on a big endian system as opposed to 0xbf* on little endian (Linux-wise).)
FIX:
hrmm.... well.
Locking memory for important stuff (passwords etc.). I've forgotten the call to do that but it is possible. This will prevent swapping to disk which might make it better.
Modifying the kernel so in its idle loop (or whatever) it wipes some (unused!) memory. Could lead to a race though...
A small program that continuously malloc()s / zeroes / free()s stuff. A little like the program above, but zeroing it instead. (You could always take the offensive stand by filling it with decoy data... that's left to the reader to implement. ;)
Make the network code zero out the packet before sending it. This would slow it down though, and make it even more obvious that you are running linux.
Filter out various icmp error messages, but as usual that breaks everything.
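The "locking memory" fix in the list above names the mechanism but not the call; as an added example (written for this page, not the original poster's code), the hypothetical secret_buf helper below uses mlock(2), the POSIX call that pins pages in RAM so they are never swapped to disk, and pairs it with an explicit wipe before free() so the released page carries no leftover plaintext for ICMP padding to pick up. The struct and function names are invented for this example.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

/* Hypothetical helper written for this example (not from the original
 * post): a buffer for secret material, pinned in RAM with mlock(2) so it
 * cannot be paged to disk, and wiped before it is handed back to free(). */
typedef struct {
    unsigned char *buf;
    size_t len;
    int locked;   /* 1 if mlock() succeeded, 0 otherwise */
} secret_buf;

/* Allocate and pin; mlock() can fail (RLIMIT_MEMLOCK, missing privilege),
 * so record the outcome instead of aborting and let the caller decide. */
int secret_alloc(secret_buf *s, size_t len)
{
    s->buf = malloc(len);
    if (s->buf == NULL) return -1;
    s->len = len;
    s->locked = (mlock(s->buf, len) == 0);
    return 0;
}

/* Bytes still holding data; lets a caller verify that a wipe worked. */
size_t secret_nonzero(const secret_buf *s)
{
    size_t n = 0;
    for (size_t i = 0; i < s->len; i++) n += (s->buf[i] != 0);
    return n;
}

/* Zero through a volatile pointer so the compiler cannot drop the stores
 * as dead writes merely because free() follows. */
void secret_wipe(secret_buf *s)
{
    volatile unsigned char *v = s->buf;
    for (size_t i = 0; i < s->len; i++) v[i] = 0;
}

/* Wipe, unpin, then free: a freed page that still holds the secret is
 * exactly what the post above describes reading back over the network. */
void secret_free(secret_buf *s)
{
    if (s->buf == NULL) return;
    secret_wipe(s);
    if (s->locked) munlock(s->buf, s->len);
    free(s->buf);
    s->buf = NULL;
}
```

Whether mlock() actually succeeded is reported in the locked field rather than enforced, since unprivileged processes are often capped by RLIMIT_MEMLOCK; the wipe happens regardless.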
"This information leakage vulnerability is trivial to exploit and has potentially devastating consequences. Several different variants of this implementation flaw result in this vulnerability," the @stake researchers wrote in their paper on the flaw, released Monday. "The Linux, NetBSD and Microsoft Windows operating systems are known to have vulnerable link layer implementations, and it is extremely likely that other operating systems are also affected."
The most likely exploitation of the vulnerability would be for an attacker to send ICMP (Internet Control Messaging Protocol) echo requests to a vulnerable machine. The machine would then send back replies containing portions of the device's memory. In tests, the researchers found that most often the pad data sent in error contains portions of network traffic that the vulnerable device is handling.
... how much? The pad of older data in a 46 byte header can't contain a lot of data.
I can see that. In my operation, ghost takes care of the desktops. I re-ghost all the machines every couple of months, to clean off the cruft and enforce having the latest patches, etc. I have a Ghost image with all of our common software on it, along with drivers for every desktop we have (they're all recent Dells), so the ghost image "just works." Of course, we're not using any XP products, but the (yes, properly licensed) 2000 versions. For the servers, I install a "base" image via Ghost, and add things to that (for instance, web apps come out of CVS). It takes ~20 minutes to go from unpacking a new server to having it running with the web app on it, all patches applied, etc. But we're probably smaller than you.
Hm, not according to the Microsoft rep I talked to ("500 and up"). I like to use Ghost. Your "automated rollout" takes a couple of hours, it looks like. Ghost takes 15 minutes.
Hehe, some people would. Most NRA-type people would welcome publically-sponsored, mandatory training on the safe use and storage of firearms. It would be fun, and useful.
I, for one, would support it. And I'm pro- 2nd Amendment.
Unlike Americans, we can't just walk in to the local Guns'R'Us and buy a handgun.
We can't do that either. We have to have permits issued by the local sheriff, and wait a certain number of days to get it. Each handgun purchased is registered to the buyer.
Long guns (rifles, shotguns) can be bought at Walmart, Dick's Sporting Goods, etc.
I'm running RedHat 8.0 at home, and Win2k at work. At home, I've had to install three patches since the release of RH8. At work, I've installed at least a dozen.
The latest one (MDAC exploit-O-rama) is making me figure out how to get rid of I.E. at work. Mozilla 1.1 is already on all of the machines. The only hang-up is that Mozilla doesn't support page breaks, and IE does. Some of the reports our business (web) application produces depends on having page breaks to produce nicely formatted output.
Anyone know of a way to do something like this with Mozilla?
Actually, DOS, "Disk Operating System," was originally QDOS, "Quick and Dirty Operating System," which was a copy, more or less, of CP/M. Seattle Computer Products got tired of waiting for a version of CP/M for the 8086 chip, so they "wrote" QDOS in a few months. I put "wrote" in quotes, because apparently they disassembled CP/M, made some small changes, and put it back together. Quoting an article on about.com:
"QDOS was based on Gary Kildall's CP/M, Paterson had bought a CP/M manual and used it as the basis to write his operating system in six weeks, QDOS was different enough from CP/M to be considered legal"
Rumor is, Paterson's use of CP/M as the basis for QDOS went beyond reading the manual, unlike Compaq's effort to clone the IBM BIOS.
MSFT bought QDOS, chopped off the "Q", and changed the meaning of the acronym -- "Dirty" became "Disk."
"CP/M" stood for "Control Program/Monitor," which is an accurate name, unlike "Disk Operating System," which is not. DOS does not rise to the level of "operating system," any more than the BIOS does. It's a program monitor and small library. It exerts no control over the programs that use it.
I know I'm splitting hairs. Please tell me how "DOS" is substantively different than the BIOS plus a file-access library, and why the BIOS itself doesn't qualify as an OS under your chosen definitions.
The lexical analyzer is hardwired in XML; with yacc you can roll your own.
Yep, that's the problem. Version 2 of XMLDocFormat is still readable by a Version 1 parser... because it's standardized. Your yacc-and-chicken-wire solution is neither backwards nor forwards compatible, unless you're really careful to make it that way. And it's still not compatible with other people's formats. It's *non-standard*.
What's wrong with 14 years of copyright protection? Why is "lifetime of creator plus 90 years" a good thing?
"Ransom" Love, indeed
Freshmeat is about Unix software. Mac OSX is Unix. Windows is not.
> You can get these editions in quantities of 5.
Unfortunately, "volume editions" are not available to small businesses. Happy you, with the corporate version.
How about the silly WPA reg keys?
Have you tried that with "XP" products?
Well, here's one on "the Beeb" of a carjacker and a syringe filled with "a deadly substance:"
http://news.bbc.co.uk/1/hi/england/1810150.stm
Gun control began in this country to keep guns out of the hands of blacks.
http://www.shadeslanding.com/firearms/cramer.racism.html
Without guns, they'll switch to other deadly weapons, such as syringes full of HIV-infected blood (as in Britain).
There's a program to capture a VNC stream to a playable file. Search freshmeat.
Apparently 1.1 does.
(yanking foot from mouth)
<br style="page-break-after: always"/>
Agreed... but is there any OSS project that is duplicating VBA? And if not, why not? [...] Why can't it be duplicated?
Why not? Because it sucks. Why implement the mistakes of the past to support vendors who made poor choices, and support a monopoly?
Sorry if your comment is supposed to be humorous and I fail to see it...but isn't that exactly what an OS is supposed to do?
It's not meant to be humourous, just factual. DOS is fundamentally different than an operating system (for example, Unix or NT).
Actually, DOS is more of a library to provide access to files, etc. than an OS. It's an overgrown BIOS.
Really!
Yes. There are a *lot* of MSFT systems out there, and the more people who know about the problems, and the fixes, the better.